"This method of distribution allows the attacker to maximize their capability on multiple platforms," he said.

Stephen Cobb, security evangelist for ESET, said cybercriminals have treated malware development and methods for infecting systems as a business for years. "We can expect to see further application of business logic -- such as economies of scale, division of labor, and risk/reward calculations -- to developments in this space," he said in an interview via email.

Backdoor Olyx and its variants are typically downloaded by victims clicking on malicious links or visiting malware-distributing Web sites. The Trojans are also distributed through e-mail attachments.

Because the malware attacks known vulnerabilities, the best defense is to keep security software up-to-date and install the latest operating system and third-party security patches. "This best practice should extend to all devices and platforms, especially those in large enterprise networks," Ferrer said.

Additional options include uninstalling Java. While the platform is often necessary in servers, its importance has diminished in desktops and laptops with the use of newer Web technologies.

To make other software safer, users can run applications in the safest configuration possible, according to Wolfgang Kandek, chief technology officer for Qualys. He noted, for example, that users can turn off Javascript in Adobe Reader as one way to bolster security in that software.